Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

The fallout from the binary planting vulnerabilities plaguing scores of programs running on Windows continued today as more names of susceptible applications became public and the number of exploits exploded.

Belgian security site Corelan.be listed dozens of vulnerable applications, including several Microsoft programs. Among them are Microsoft Word 2007, Microsoft Office PowerPoint 2010 and Microsoft Office Visio 2003. VUPEN Security also published a list of vulnerable applications that featured programs such as Mozilla Firefox and Adobe Photoshop.

"Thus far, we have not observed any in-the-wild attacks leveraging this new attack vector, but we have heard some reports of limited exploitation," said Marc Fossi, manager of research and development for Symantec Security Response. "This doesn't come as a surprise, however, since exploit code for some applications affected by this issue is now public."

During the week of Aug. 16, researchers at Acros Security said they had found more than 200 applications vulnerable to the bugs. Rapid7 Chief Security Officer HD Moore also said at the time he had found dozens of vulnerable applications on his own as well. Moore recently updated an auditing tool he developed to identify vulnerable applications on a local machine more quickly.

Further reading

According to Microsoft, binary planting bugs are caused by applications passing an insufficiently qualified path when loading an external library. Most of the bugs Acros Security found-which totaled 520-were DLL (dynamic link library) file loading issues, while the rest were due to insecure loading of executables such as .exe and .com files.

To exploit the issue, attackers need to trick users into opening a file using a vulnerable program.

"When the application loads one of its required or optional libraries, the vulnerable application may attempt to load the library from the remote network location," Microsoft explained in an advisory released Aug. 23. "If the attacker provides a specially crafted library at this location, the attacker may succeed at executing arbitrary code on the user's machine." Remote binary planting bugs "can be exploited over network file systems such as ... WebDAV and SMB."

Microsoft has issued some guidance to help developers working with .DLL files avoid the vulnerabilities as well as a tool "that helps customers address the risk of the remote attack vendor through a per-application and global configuration setting."

To mitigate the issue, organizations can also disable the WebClient service or block TCP ports 139 and 445 at the firewall, Microsoft advised.

Actually fixing the affected applications does not appear to be overly difficult, Fossi said.

"However, the challenge is in the number of applications out there, especially older programs, that are potentially vulnerable," he added. "Simply raising awareness among application developers is going to be a major hurdle. ... According to Microsoft, directly addressing this issue in Windows will result in the loss of some expected functionality. As a result, they are recommending that the onus be on application developers to fix it. However, we encourage Microsoft to continue to look at ways to address this issue from a higher level."

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.